White House Cyber Summit: Why top tech cyber pledges aren't enough

The Biden administration might have called on high profile figures to improve cybersecurity, but the reality is it's down to all businesses to tighten up their IT security measures.

The recent White House Cyber Summit with high profile leaders of some of the world’s biggest tech, energy, and financial services companies was a sign that the Biden administration is doubling down on its effort to prevent cyber attacks.

After the summit, the US National Institute of Standards and Technology (NIST) announced they will work with industry partners to create "a new framework to improve the security and integrity of the technology supply chain."

Cybercrime has never been a bigger threat to businesses as it is today, so it’s encouraging to see the White House taking the issue seriously by holding the Cyber Summit. But cybersecurity isn’t just a problem for big businesses to worry about -- it involves every single business doing their part and securing their IT assets.

In 2020 alone, the US Federal Trade Commission received 1.4 million reports of identity theft, up 50 percent from 2019. Malware increased by 358 percent and ransomware was up by 435 percent.

According to the PwC Global Economic Crime and Fraud Survey, 47 percent of companies experienced fraud in 2020. And with the average cost of a data breach reported to be $3.86 million, businesses can no longer afford to hope the issue never reaches them.

The basic premise of good cybersecurity is that you can't protect what you can't see, so the critical first step when it comes to basic cyber hygiene is to maintain visibility of your IT environments and develop the relevant daily routines to inspect and verify.

Having this information alerts IT departments to any potential vulnerabilities on unprotected networked devices that could pose a threat to corporate data and assets -- a capability that's especially important now that the majority of the workforce is remote.

For many years, Asset Inventory has been at the very top of most industry-leading security frameworks such as ISO, NIST, and CIS. Indeed, the first element of the NIST core framework is "identify".

While scenario-based IT asset management (ITAM) solutions are widely available, agentless discovery and agent-based scanning go one step further to rapidly assemble a complete and accurate IT asset inventory that provides users with end-to-end visibility of their IT asset ecosystem. 

This is the next evolution of IT asset management, ITAM 2.0. Because it’s no longer just about adopting smarter, automated technology, but understanding and analyzing where IT assets are, what they do and how they’re being used.

ITAM 2.0 turns the process of creating asset inventories on its head. Rather than collecting IT asset data to meet the criteria of specific IT scenarios, ITAM should be a scenario-independent endeavor, with the goal of creating a single source of truth.

Many businesses have been rocked by disruption over the past 18 months from changing global economies to adapting to new work environments and use of home technology entering the corporate network -- CIOs and IT leaders are now facing even more IT asset management challenges than ever before.

Only with a complete, 360-degree view of an IT infrastructure can CIOs and IT leaders detect and protect corporate assets and their organization from the ever-evolving and rapidly expanding threat landscape.

Some key questions were raised at White House Cyber Summit, every one of which CIOs, IT and business leaders should be providing their own answer to.

How do businesses secure their software and build better hardware?

Outdated software is vulnerable to various types of cybersecurity threats, so it's critical to know every asset of your IT estate and make sure your systems receive all necessary updates and patches to keep your network safe. ITAM solutions will provide information about software versions and vulnerabilities, enabling you to quickly identify machines and devices in need of an update or patch.

Hardware doesn't last forever, and old devices and services probably don't have the most recent security upgrades. What's more, hardware failures cause 53 percent of all data loss and system downtime. With information about your hardware assets and warranties available in your IT asset inventory, you can take rapid action to repair or replace outdated or damaged hardware, before they pose a risk to the organization.

How can companies put in place strong incident response to cyber attacks?

An incident response plan should define roles and offer step-by-step technical instructions for how to fix the vulnerability, assess the damage, restore any lost or damaged data, and document the incident.

Having everyone aligned on a plan of action - with access to a central data repository so everyone's working off the same information -- will minimize the impact of an incident and protect the business from unnecessary damage and costs.

How can we use tech more securely?

The best method to protect against ransomware and cyber threats is not something an individual can do alone. However, there are simple steps that we can all employ to drastically reduce the threat of a cyberattack:

• Keep your programs and systems up-to-date
• Do not click on unsafe links
• Do not provide personal information to unknown sources
• Do not open suspicious email attachments
• Do not use unknown USB sticks
• Only use trustworthy download sources
• Use your VPN on public networks

CIOs and IT leaders need the tools to build and maintain a complete, up-to-date and accurate IT asset inventory. Only then can they begin to minimize risk and optimise their IT with complete visibility and actionable insights into their IT estate.

Image Credit: Andrea Izzotti / Shutterstock

Dave Goossens is CEO at IT asset management provider Lansweeper